"""
Copyright (c) 2022 Huawei Technologies Co.,Ltd.

openGauss is licensed under Mulan PSL v2.
You can use this software according to the terms and conditions of the Mulan PSL v2.
You may obtain a copy of Mulan PSL v2 at:

          http://license.coscl.org.cn/MulanPSL2

THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
See the Mulan PSL v2 for more details.
"""
"""
Case Type   : replace越权测试
Case Name   : 利用replace语句越权获取数据信息测试
Create At   : 2023/06/07
Owner       : opentestcase033
Description :
    1、创建测试用户和兼容B库
    2、连接B库创建表、存储过程嵌入replace语句
    3、低权限用户调用存储过程尝试越权操作
    4、清理环境
Expect      :
    1、成功
    2、执行成功
    3、越权失败
    4、成功
History     :
"""

import os
import unittest

from yat.test import macro
from testcase.utils.Logger import Logger
from testcase.utils.CommonSH import CommonSH
from testcase.utils.Constant import Constant


class TestPrivilege(unittest.TestCase):

    def setUp(self):
        self.log = Logger()
        self.log.info(f'-----{os.path.basename(__file__)} start-----')
        self.pri_sh = CommonSH('PrimaryDbUser')
        self.cons = Constant()
        self.db_name = 'db_privilege_0032'
        self.user = 'u_privilege_0032'
        self.table = 't_privilege_0032'
        self.proc = 'pro_privilege_0032'

    def test_security(self):
        text1 = '-----step1:创建测试用户和兼容B库;expect:建表成功-----'
        self.log.info(text1)
        sql = f"drop database if exists {self.db_name};" \
              f"create database {self.db_name} dbcompatibility 'B';" \
              f"drop user if exists {self.user} cascade;" \
              f"create user {self.user} password '{macro.COMMON_PASSWD}';"
        preset_res = self.pri_sh.execut_db_sql(sql)
        self.log.info(preset_res)
        self.assertIn(self.cons.CREATE_DATABASE_SUCCESS, preset_res,
                      f"创建兼容B库失败:{text1}")
        self.assertIn(self.cons.CREATE_ROLE_SUCCESS_MSG, preset_res,
                      f"创建用户失败:{text1}")

        text2 = '-----step2:连接B库创建表、存储过程嵌入replace语句;expect:执行成功-----'
        self.log.info(text2)
        sql = f'''drop table if exists {self.table} cascade;
        create table {self.table}(uid int primary key, name varchar(50));
        grant insert on {self.table} to {self.user};
        replace into {self.table} values(1, 'ccccc');
        create or replace procedure {self.proc}() as
        begin
        replace into {self.table} values(1,'ccccc');
        end;'''
        sql_res = self.pri_sh.execut_db_sql(sql, '', self.db_name)
        self.log.info(sql_res)
        self.assertIn(self.cons.CREATE_TABLE_SUCCESS, sql_res, f"执行失败:{text2}")
        self.assertIn(self.cons.GRANT_SUCCESS_MSG, sql_res, f"执行失败: {text2}")
        self.assertIn(self.cons.CREATE_PROCEDURE_SUCCESS_MSG, sql_res,
                      f"执行失败: {text2}")

        text3 = '-----step3:低权限用户调用存储过程尝试越权操作;expect:空表-----'
        self.log.info(text3)
        res = self.pri_sh.execut_db_sql(
            f"call {self.proc};",
            f'-U {self.user} -W{macro.COMMON_PASSWD}', self.db_name)
        self.log.info(res)
        self.assertIn('ERROR:  permission denied', res, f"执行失败{text3}")

    def tearDown(self):
        text4 = '-----step4:清理环境 expect:成功-----'
        self.log.info(text4)
        drop_db_res = self.pri_sh.execut_db_sql(
            f"drop database if exists {self.db_name};"
            f"drop user if exists {self.user} cascade;")
        self.log.info(drop_db_res)
        self.assertIn(self.cons.DROP_DATABASE_SUCCESS, drop_db_res,
                      f"执行失败: {text4}")
        self.assertIn(self.cons.DROP_ROLE_SUCCESS_MSG, drop_db_res,
                      f"执行失败: {text4}")
        self.log.info(f'-----{os.path.basename(__file__)} end-----')
